Deploy a Dockerized Jenkins CI/CD Pipeline by Using Terraform on Oracle Cloud Infrastructure

Rapid delivery of software is important for efficiently running your applications in the cloud. Jenkins is a popular product for automating the Continuous Integration and Continuous Deployment (CI/CD) pipelines for workloads in Oracle Cloud. You can host Jenkins on Oracle Cloud Infrastructure (OCI) to centralize your build automation and scale your deployment as your software projects grow.

Architecture

This reference architecture shows how to use Terraform to deploy a containerized Jenkins controller and agent on a single Oracle Linux VM. The deployment creates an Oracle Linux compute instance that hosts two separate Docker containers: one for the Jenkins controller and the other for the Jenkins agent.

The solution also saves the controller configuration and agent workspaces on OCI block storage, which is attached to the compute instance. A separate VCN will be created on OCI to host all the services in the deployment.

The following diagram illustrates this reference architecture.


[Diagram: dock-jenkins-cicd-pipe.png]

This architecture has the following components:
  • Region

    An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

  • Compartment

    Compartments are cross-region logical partitions within an Oracle Cloud Infrastructure tenancy. Use compartments to organize your resources in Oracle Cloud, control access to the resources, and set usage quotas. To control access to the resources in a given compartment, you define policies that specify who can access the resources and what actions they can perform.

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Virtual cloud network (VCN) and subnets

    A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

  • Compute instance

    Jenkins is deployed to a Compute instance VM with two containers running, one as the controller and another as the agent.

  • Route Table

    Virtual route tables contain rules to route traffic from subnets to destinations outside a VCN, typically through gateways.

  • Security list

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Jenkins

    Jenkins is an open-source automation server that lets developers reliably build, test, and deploy software. Jenkins supports the master/agent mode, where the workload of building projects is delegated to multiple agent nodes by the master. A single Jenkins installation can host multiple projects or provide different environments for builds and tests.

  • Block Storage

    With block storage volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data. In this architecture, block storage holds the Jenkins controller configuration and the agent workspaces.

Recommendations

Use the following recommendations as a starting point when deploying a containerized Jenkins CI/CD pipeline by using Terraform on OCI. Your requirements might differ from the architecture described here.
  • VCN

    When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

    Select CIDR blocks that don't overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections.

    After you create a VCN, you can change, add, and remove its CIDR blocks.

    When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

    Use regional subnets.

  • Security

    Use Oracle Cloud Guard to monitor and maintain the security of your resources in OCI proactively. Cloud Guard uses detector recipes that you can define to examine your resources for security weaknesses and to monitor operators and users for risky activities. When any misconfiguration or insecure activity is detected, Cloud Guard recommends corrective actions and assists with taking those actions, based on responder recipes that you can define.

    For resources that require maximum security, Oracle recommends that you use security zones. A security zone is a compartment associated with an Oracle-defined recipe of security policies that are based on best practices. For example, the resources in a security zone must not be accessible from the public internet and they must be encrypted using customer-managed keys. When you create and update resources in a security zone, OCI validates the operations against the policies in the security-zone recipe, and denies operations that violate any of the policies.

  • Cloud Guard

    Clone and customize the default recipes provided by Oracle to create custom detector and responder recipes. These recipes enable you to specify what type of security violations generate a warning and what actions are allowed to be performed on them. For example, you might want to detect Object Storage buckets that have visibility set to public.

    Apply Cloud Guard at the tenancy level to cover the broadest scope and to reduce the administrative burden of maintaining multiple configurations.

    You can also use the Managed List feature to apply certain configurations to detectors.

  • Security lists

    Use security lists to define ingress and egress rules that apply to the entire subnet.

Considerations

Consider the following points when deploying this reference architecture.

  • Performance

    To get the best performance, ensure that the compute instance has sufficient cores and memory for the builds and other tasks that Jenkins runs.

  • Security

    Use policies to restrict who can access your company's OCI resources and how they can access them.

  • Availability

    This is a minimal design to get you up and running as fast as possible. For higher availability, you can refer to the deployment described in the Reference Architecture, Deploy Jenkins in controller/agent mode, which you can access from the Explore More topic, below.

  • Cost

    The cost of this implementation is based on the compute hours for the running VM.

Deploy

The Terraform code for deploying a containerized Jenkins CI/CD pipeline by using Terraform on OCI is available from the Oracle Cloud Infrastructure Resource Manager or in GitHub.

  • Deploy using the sample stack in Oracle Cloud Infrastructure Resource Manager:
    1. Click Deploy to Oracle Cloud.

      If you aren't already signed in, enter the tenancy and user credentials.

    2. Select the region where you want to deploy the stack.
    3. Follow the on-screen prompts and instructions to create the stack.
    4. After creating the stack, click Terraform Actions, and select Plan.
    5. Wait for the job to be completed, and review the plan.

      To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes. Then, run the Plan action again.

    6. If no further changes are necessary, return to the Stack Details page, click Terraform Actions, and select Apply.
  • Deploy using the Terraform CLI:
    1. Go to GitHub.
    2. Clone or download the repository to your local computer.
    3. Follow the instructions in the README document.
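
When deploying with the Terraform CLI, the plan review can include an automated check of the security list ingress rules before Apply. The following Python sketch is an added example, not code from the Oracle repository: it reads the JSON that `terraform show -json <planfile>` produces and lists `oci_core_security_list` ingress rules that admit traffic from any address. The resource address, ports, and CIDR values in the sample plan are constructed.

```python
import json

ANYWHERE = {"0.0.0.0/0", "::/0"}
PROTOCOLS = {"6": "tcp", "17": "udp", "1": "icmp", "all": "all"}


def open_ingress_rules(plan):
    """Return (address, protocol, ports, source) for world-open ingress rules."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "oci_core_security_list":
            continue
        # "after" is null when the resource is being destroyed.
        after = (rc.get("change") or {}).get("after") or {}
        for rule in after.get("ingress_security_rules") or []:
            if rule.get("source") not in ANYWHERE:
                continue
            number = str(rule.get("protocol"))
            proto = PROTOCOLS.get(number, number)
            # A rule without port options applies to every port of the protocol.
            opts = rule.get("tcp_options") or rule.get("udp_options") or []
            ports = f"{opts[0].get('min')}-{opts[0].get('max')}" if opts else "all ports"
            findings.append((rc["address"], proto, ports, rule["source"]))
    return findings


# Constructed plan fragment (hypothetical resource name, ports and CIDRs).
SAMPLE_PLAN = """
{"resource_changes": [{
  "address": "oci_core_security_list.jenkins_sl",
  "type": "oci_core_security_list",
  "change": {"after": {"ingress_security_rules": [
    {"protocol": "6", "source": "0.0.0.0/0", "tcp_options": [{"min": 22, "max": 22}]},
    {"protocol": "6", "source": "0.0.0.0/0", "tcp_options": [{"min": 8080, "max": 8080}]},
    {"protocol": "6", "source": "10.0.0.0/16", "tcp_options": [{"min": 8080, "max": 8080}]}
  ]}}
}]}
"""

SAMPLE_FINDINGS = open_ingress_rules(json.loads(SAMPLE_PLAN))

if __name__ == "__main__":
    for address, proto, ports, source in SAMPLE_FINDINGS:
        print(f"{address}: {proto} {ports} open to {source}")
```

Rules that the check reports can then be narrowed to the administrator or VCN address ranges that actually need access before the plan is applied.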

Explore More

Learn more about deploying a containerized Jenkins CI/CD pipeline by using Terraform on OCI.

Review these additional resources:

Acknowledgments

Author: Ahmed Mansour